author | Theo Buehler <tb@cvs.openbsd.org> | 2020-05-09 13:51:45 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2020-05-09 13:51:45 +0000 |
commit | 2e9d88e37299b2c961304c33394c685f7c7a165b (patch) | |
tree | bd0160847be0d4b3360b0bb4e12494a9a15abca2 | |
parent | e08d5914dd7e1ea431a3e55853f9527ced7e5e8a (diff) |
On receiving an overlong session ID terminate with an illegal_parameter
alert. Found with tlsfuzzer.
ok jsing
-rw-r--r-- | lib/libssl/ssl_srvr.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index c9c24f0453b..72419dcf3a0 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.73 2020/03/06 16:31:30 tb Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.74 2020/05/09 13:51:44 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -834,6 +834,11 @@ ssl3_get_client_hello(SSL *s)
 goto truncated;
 if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
 goto truncated;
+ if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
 if (SSL_IS_DTLS(s)) {
 if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
 goto truncated;
|
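Review bot: The length check added after `CBS_get_u8_length_prefixed(&cbs, &session_id)` in the second hunk has no comment explaining why a field that parsed cleanly is still rejected, and the reason is not obvious from the code: the u8 prefix admits up to 255 bytes while the session ID is bounded by `SSL3_SESSION_ID_SIZE`. I would add `/* A u8 length prefix allows more than SSL3_SESSION_ID_SIZE bytes; reject before session_id is used. */` above the `if`. The DTLS cookie read on the following context lines uses the same u8-prefixed parse; whether its length is bounded before use falls outside the hunk and is worth confirming. ssl3_get_client_hello starts and ends outside the hunk.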